Now we need to create content for the function specified in add_meta_box().

We’ll want to grab the $post, and get our saved field value (if one exists). We also need to include a security field that we’ll check against to make sure this is a valid submission from the WordPress Dashboard.

You’ll note that our field data is wrapped in an esc_attr() function. This escapes and encodes any data for proper use in an input field value.

When the post or page is submitted, we want to save any data in our custom fields.

To do that, we first look to see if the submitted data contains our security field. If it does, we validate that field using the wp_verify_nonce() function. We also check that the submitting user has permission to edit the post.

Finally, we make sure that our field was submitted with data. If all criteria are met, we can save our field.

It’s important to sanitize any data before saving it to the database. This prevents malicious code and scripts from being run on your server. We’ll use the wp_filter_post_kses() function, which strips our dangerous code and allows through anything you can include a post.